Privacy regulator reveals breach compromised Wendy’s PH data

Image from Wendy's PH Facebook page

If you were contacted by Wendy’s Philippines over the weekend, you surely know by now that you are among its customers whose personal data had been exposed to a recent data breach.

The National Privacy Commission (NPC) on May 2 ordered Wenphil Corp., the main operator of Wendy’s franchise in the country, to notify every single individual whose data had been exposed from the April 23 breach of its online site. Wendy’s Philippines was given 72 hours or three days to comply with that order.

The privacy watchdog estimates that about 82,150 records were breached. Exposed information may include personal details—names, home addresses, mobile or landline phone numbers, email addresses, passwords, transaction records, and mode of payment of the fastfood chain’s customers, loyalty card members, and even previous job applicants.

“There is a real risk of serious harm to the affected data subjects; the data is not merely incidental to the breach,” said NPC in its order, which is published online. “Yet unknown persons” published the company’s database online, according to the watchdog. However, it also disclosed that Wendy’s Philippines had admitted that its previous attempts to implement security measures failed upon the resignation of its information technology officers “before any of the measures were implemented.”

Such online data breaches usually expose affected individuals to a number of risks including possible identity theft and hacking of accounts. As of press time, Wendy’s Philippines’ website remains down.